Researchers say that even permissions requests aren't enough to stop at least 1,000 Android apps from hoovering your personal data.
{"preview_thumbnail":"https://cdn.flowplayer.com/6684a05f-6468-4ecd-87d5-a748773282a3/i/v-i-8…","video_id":"88d6e78a-49bd-48c2-b802-61c47b8aaa57","player_id":"8ca46225-42a2-4245-9c20-7850ae937431","provider":"flowplayer","video":"Top 10 Countries for Expats"}
According to a report presented at the Federal Trade Commission's PrivacyCon, 1,325 apps in the Google Play Store use workarounds built into their code to subvert users' requests not to harvest their information.
To do so, the report says those apps turn to sources like Wi-Fi and metadata stored in users' pictures to help glean a unique signature and sometimes even a user's location.
The apps found to be sleuthing users' phones for personal data were identified out of 88,000 analyzed by researchers and include popular photo-sharing platforms like Shutterfly.
As reported by CNET, Shutterfly was found to be harvesting GPS coordinates from users' photos even despite the fact that many declined to share their location data within their device.
In some cases, researchers noted that apps were able to piggyback off of other apps permission and access protected files on a user's SD card.
Of the 88,000 apps assessed only 13 were discovered to be doing so.
Among those apps are Baidu's Disneyland App for the company's Hong Kong location.
Google said it plans to fix many of the personal data leaks with the upcoming release of its Android Q operating system, however, users with older devices not as equipped to handle new software may not have easy access to the update.
The research represents yet another fold in the tug-of-war between consumers and companies over the control of personal data.
While most research has been focused on apps and platforms that gather information through more official channels -- Facebook and Google chief among them -- less attention is paid to those that may be gleaning information through side-channels.
